Help for hacked sites: SQL injection
Updated on: 17 August 2013
The video tackles how to recover a hacked site by properly assessing the damage. It also talks about SQL injection and how you can effectively deal with it for recovery.
The video highlights the following:
1. Importance of Website Ownership Verification on Google Webmaster Tools.
Verifying your ownership of your website on the Google Webmaster tools is essential because this is useful in getting more information about the type of infections that your site encounters especially if you were already notified that it is infected by malware, more specifically that type called SQL injection. Through verification, you can also access a list of infections being aroused as well as the specific type of malware infection encountered.
2. What is SQL Injection?
When the SQL injection type of malware affects you, note that this means that the database of your site has greater chances of being compromised. An example of this is when a hacker programmatically inserts malicious codes in each record found in your database table. Once the server needs to load pages requiring information from your database, there is a great possibility for the malicious codes to invade the contents of your pages. An SQL injection might also compromise your database and modify records that contain infectious parts that comes from the attack site. When this happens, your website visitors will load pages on their browser that does not only contain information about your website but also codes that could infect them with the malware.
3. Investigating SQL Injection Results
As a means of effectively investigating SQL injection results, it is crucial for you to verify ownership using Google Webmaster tools. You can confirm the presence of this issue by copying the aroused samples displayed in the malware section. You should also gather information about how you can accurately estimate the specific number of records affected by SQL injection. An effective way to do this is to discover the hacker’s code’s strengths.
For instance, if you found out that your pages contains harmful i-frame, then it is crucial for you to execute query searching for this code. You can also use other effective tools capable of providing more visibility to every data you entered into your database. Checking the database log is also crucial since this will inform you about any unusual activities like unexpected SQL commands. You can use this to gather more information about the attempts of hackers.
4. What to do when your Website is Ready to Eliminate SQL Injection?
Once you notice that your website is already ready for cleaning the SQL injection, then note that your best actions include either restoring the last recognised database backup or updating all records in your database.